How do you update a non-interactive account SSH key in Gerrit?

[Trevor Vaughan]

If you have a non-interactive user that you've added to Gerrit via the
'gerrit create-account' command, how do you:

a) Update the SSH key
b) Add additional SSH keys
c) Delete the user

Thanks,

Trevor

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvau...@onyxpoint.com

-- This account not approved for unencrypted proprietary information --

[Shawn Pearce]

On Thu, Feb 2, 2012 at 07:23, Trevor Vaughan <tvau...@onyxpoint.com> wrote:
> If you have a non-interactive user that you've added to Gerrit via the
> 'gerrit create-account' command, how do you:
>
> a) Update the SSH key

Not easily, the administrator has to edit the database using direct
SQL commands. If you are using the H2 database, the best way to do
this is using `ssh -P 29418 localhost gerrit gsql`. If you are using
MySQL or PostgreSQL those have their own command line tools that are
better to work with than gsql. Changing the key requires finding the
account_id using the accounts table, then creating or updating the
matching key record in the account_ssh_public_keys table.

> b) Add additional SSH keys

See above.

> c) Delete the user

This is pretty hard. Deleting a user will orphan any comments or
review score the user has made. But if you are sure you want to remove
it, you can delete the record from accounts, account_ssh_public_keys,
account_external_ids, and account_group_members. If you want to keep
the account information but lock it to prevent login, remove the
records in account_ssh_public_keys and account_external_ids.

[Trevor Vaughan]

Thanks Shawn.

I eventually just modded the database but it would be really nice to
have this as a feature given the number of pages on how to get various
non-interactive tools working with Gerrit.

I did learn the hard way that you need to use the gerrit command to
flush the ssh key cache after updating the database. That wasn't very
obvious.

Thanks,

Trevor

--

[cliffha...@gmail.com]

Is there a better way to add/update ssh public keys now for non-interactive users? Can I add http password for non-interactive users?

Eg: 

Ref: https://gerrit-review.googlesource.com/Documentation/cmd-create-account.html 

 cat ~/.ssh/id_watcher.pub | ssh -p 29418 review.example.com gerrit create-account --group "'Non-Interactive Users'" --http-password 123abc --ssh-key - watcher

--Ishan

[Matthias Sohn]

On Fri, Mar 22, 2019 at 1:48 AM <cliffha...@gmail.com> wrote:

Is there a better way to add/update ssh public keys now for non-interactive users? Can I add http password for non-interactive users?

Eg: 

Ref: https://gerrit-review.googlesource.com/Documentation/cmd-create-account.html 

 cat ~/.ssh/id_watcher.pub | ssh -p 29418 review.example.com gerrit create-account --group "'Non-Interactive Users'" --http-password 123abc --ssh-key - watcher

you can use the service-user plugin [1] to enable users to create service-users for e.g. their CI systems.

Administrators can configure which users can create service users and what options they are allowed to

configure on their own [2] .

The plugin provides a ssh command to create service users [3] and a REST API which allows creation

and configuration of service users [4].

The plugin has a configuration page in the old GWT UI, it seems it wasn't yet ported to the new Polymer based UI

which is available since Gerrit 2.14.

[1] https://gerrit.googlesource.com/plugins/serviceuser/+/refs/heads/master/src/main/resources/Documentation/about.md

[2] https://gerrit.googlesource.com/plugins/serviceuser/+/refs/heads/master/src/main/resources/Documentation/config.md

[3] https://gerrit.googlesource.com/plugins/serviceuser/+/refs/heads/master/src/main/resources/Documentation/cmd-create.md

[4] https://gerrit.googlesource.com/plugins/serviceuser/+/refs/heads/master/src/main/resources/Documentation/rest-api-config.md

-Matthias